<p>Jiří Pospíšil's blog | https://jpospisil.com | 2017-06-02T19:16:00+02:00 | Jiří Pospíšil</p>
<p>Understanding lock files in NPM 5 | https://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html | 2017-06-02T19:16:00+02:00 | 2017-07-29T20:57:09+02:00 | Jiří Pospíšil</p>
<p>The next major version of NPM brings a number of improvements over the previous
versions in terms of speed, security, and a bunch of other <a href="http://blog.npmjs.org/post/161276872334/npm5-is-now-npmlatest">nifty
things</a>. What
stands out from the user&rsquo;s perspective, however, is the new lock file. Actually
lock <em>files</em>. More on that in a second. For the uninitiated, a <code>package.json</code>
file describes the top level dependencies on other packages using
<a href="http://semver.org/">semver</a>. Each package might in turn depend on other
packages and so on and so forth. A lock file is a snapshot of the entire
dependency tree and includes all packages and their resolved versions.</p>
<p>As opposed to the previous version, the lock file now includes an integrity
field which uses <a href="https://w3c.github.io/webappsec-subresource-integrity/">Subresource
Integrity</a> to verify
that the installed package has not been tampered with or is otherwise invalid.
It currently supports SHA-1 for packages published with an older version of NPM
and SHA-512, which is used by default from now on.</p>
<p>The definitive guide to Arel, the SQL manager for Ruby | https://jpospisil.com/2014/06/16/the-definitive-guide-to-arel-the-sql-manager-for-ruby.html | 2014-06-16T18:29:00+02:00 | 2017-08-12T15:15:16+02:00 | Jiří Pospíšil</p>
<p>Arel is the kind of library that many of us Rails developers use on a daily
basis and might not even know about it. So what&rsquo;s this library whose name only
pops up when everything else fails all about?</p>
<p>It&rsquo;s all about providing frameworks with a way of building and representing SQL
queries. It&rsquo;s not the kind of library you would <em>typically</em> want to use directly
(although you could as shown in a minute). Arel is meant to be the basic
building block upon which frameworks build their own APIs that are more suitable
for the end user.</p>
<p>One of those frameworks is ActiveRecord (AR), the default ORM in Rails.
ActiveRecord&rsquo;s responsibility is to provide a connection to the database, a
convenient way to specify relationships between your models, provide a nice
query interface and all the other things we enjoy.</p>
<p>Replacing Make with Ninja | https://jpospisil.com/2014/03/16/replacing-make-with-ninja.html | 2014-03-16T17:00:00+01:00 | 2017-08-12T15:46:16+02:00 | Jiří Pospíšil</p>
<p>Make and all of its flavours have been around for almost 40 years, and it&rsquo;s a
tool that is hard to beat for many things. There are, however, cases when you do
not need the power of Make and are willing to trade the flexibility for
something else. In the case of <a href="https://ninja-build.org">Ninja</a>, that something is speed.</p>
<p>Speed is the main motivation behind Ninja and its decisions about how you write
your build files. Ninja was written by <a href="http://neugierig.org">Evan Martin</a>
specifically to fight slow build cycles while working on Google Chrome.</p>
<p>The bigger the project, the longer it takes to figure out what files need to be
recompiled or if any action is required at all. As a result of numerous
optimizations, Ninja is much faster when compared to alternatives. Ninja&rsquo;s
secret is to do the least amount of work possible and let other, higher-level
tools handle the rest upfront.</p>